GNOME Bugzilla – Bug 752788
gnome-shell breaks if window name contains an incorrect UTF8 sequence
Last modified: 2016-06-07 18:23:42 UTC
When trying to switch to overview mode, all the windows disappear, only the menu remains. июл 23 17:30:57 morseworkbook gnome-session[7701]: Window manager warning: Property _NET_WM_NAME on window 0x1000002 contained invalid UTF-8 июл 23 17:30:57 morseworkbook gnome-session[7701]: (gnome-shell:7737): Pango-WARNING **: Invalid UTF-8 string passed to pango_layout_set_text() июл 23 17:31:01 morseworkbook gnome-session[7701]: (gnome-shell:7737): Gjs-WARNING **: JS ERROR: Error: Failed to convert UTF-8 string to JS string: Недопустимая последовательность байтов во входных преобразуемы июл 23 17:31:01 morseworkbook gnome-session[7701]: WindowOverlay<._init@resource:///org/gnome/shell/ui/workspace.js:437 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: _Base.prototype._construct@resource:///org/gnome/gjs/modules/lang.js:110 июл 23 17:31:01 morseworkbook gnome-session[7701]: Class.prototype._construct/newClass@resource:///org/gnome/gjs/modules/lang.js:204 июл 23 17:31:01 morseworkbook gnome-session[7701]: Workspace<._addWindowClone@resource:///org/gnome/shell/ui/workspace.js:1826 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: Workspace<._init@resource:///org/gnome/shell/ui/workspace.js:1138 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: _Base.prototype._construct@resource:///org/gnome/gjs/modules/lang.js:110 июл 23 17:31:01 morseworkbook gnome-session[7701]: Class.prototype._construct/newClass@resource:///org/gnome/gjs/modules/lang.js:204 июл 23 17:31:01 morseworkbook gnome-session[7701]: WorkspacesView<._updateWorkspaces@resource:///org/gnome/shell/ui/workspacesView.js:262 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: WorkspacesView<._init@resource:///org/gnome/shell/ui/workspacesView.js:111 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: _Base.prototype._construct@resource:///org/gnome/gjs/modules/lang.js:110 июл 23 17:31:01 morseworkbook gnome-session[7701]: Class.prototype._construct/newClass@resource:///org/gnome/gjs/modules/lang.js:204 июл 23 17:31:01 morseworkbook gnome-session[7701]: WorkspacesDisplay<._updateWorkspacesViews@resource:///org/gnome/shell/ui/workspacesView.js:552 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: WorkspacesDisplay<.show@resource:///org/gnome/shell/ui/workspacesView.js:482 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: ViewSelector<.show@resource:///org/gnome/shell/ui/viewSelector.js:252 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: Overview<._animateVisible@resource:///org/gnome/shell/ui/overview.js:555 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: Overview<.show@resource:///org/gnome/shell/ui/overview.js:541 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: Overview<.toggle@resource:///org/gnome/shell/ui/overview.js:671 июл 23 17:31:01 morseworkbook gnome-session[7701]: wrapper@resource:///org/gnome/gjs/modules/lang.js:169 июл 23 17:31:01 morseworkbook gnome-session[7701]: _initializeUI/<@resource:///org/gnome/shell/ui/main.js:179
*** Bug 763795 has been marked as a duplicate of this bug. ***
This is, again, gjs barfing on non-utf8 data. Right now a client can crash gnome-shell easily, e.g. like this: #include <gtk/gtk.h> int main (void) { GtkWidget *window; gchar invalid_utf8[] = { 0xFF, 0x00 }; gtk_init (NULL, NULL); window = gtk_window_new (GTK_WINDOW_TOPLEVEL); gtk_widget_show_all (window); gtk_window_set_title (GTK_WINDOW (window), invalid_utf8); gtk_main (); return 0; }
Created attachment 324558 [details] [review] window: Ensure window title and wm_class are valid UTF-8 gjs throws exceptions on non UTF-8 strings which, in some cases, totally crash gnome-shell. Since these properties are set directly from clients this makes us vulnerable to buggy or malicious applications. We could change gjs to not throw exceptions, sprinkle gnome-shell with try/catch blocks or fix the issue at the root here.
*** Bug 766823 has been marked as a duplicate of this bug. ***
Review of attachment 324558 [details] [review]: ::: src/core/window.c @@ +7334,3 @@ + + if (!g_utf8_validate (title, -1, NULL)) + title = ""; I'm a bit divided on this, as non-UTF8 window titles work fine for the main use case - the titlebar - and they are legal for the fallback XA_WM_NAME property as far as I know. We could store a copy in title_utf8 and use that for the GObject property, but then I'm not sure having the title in the titlebar but not elsewhere (overview, window list, window switcher, ...) wouldn't be confusing ...
(In reply to Florian Müllner from comment #5) > I'm a bit divided on this, as non-UTF8 window titles work fine for the main > use case - the titlebar - and they are legal for the fallback XA_WM_NAME > property as far as I know. We could store a copy in title_utf8 and use that > for the GObject property, but then I'm not sure having the title in the > titlebar but not elsewhere (overview, window list, window switcher, ...) > wouldn't be confusing ... We can also g_convert()
(In reply to Rui Matos from comment #6) > We can also g_convert() I'd say that or your original patch - after all, non-UTF8 is very much a corner case nowadays (as sad as it is that it is still a case in the first place ...)
Created attachment 329286 [details] [review] x11/window-props: Convert WM_NAME and WM_CLASS to UTF-8 gjs throws exceptions on non UTF-8 strings which, in some cases, crash gnome-shell. ICCCM string properties are defined to be Latin-1 encoded so we can try to convert them to avoid it. Note that _NET_WM_NAME is defined to be UTF-8 and we already validate it in utf8_string_from_results() .
Created attachment 329287 [details] [review] wayland/*-shell: UTF-8 validate title, class and app ID strings The protocol says these must be UTF-8 so let's ensure they are. -- These move the validation/conversion closer to the protocol boundary.
Review of attachment 329286 [details] [review]: LGTM
Review of attachment 329287 [details] [review]: Dto.
Attachment 329286 [details] pushed as d62491f - x11/window-props: Convert WM_NAME and WM_CLASS to UTF-8 Attachment 329287 [details] pushed as 2292458 - wayland/*-shell: UTF-8 validate title, class and app ID strings